Forward the Original Title‘Advanced Airdrop Strategy - Survival Rules for Navigating the Witch Fog – An Analysis Based on 100 Projects’

📌 Core Rules for User Selection by Projects

When designing airdrop strategies, project teams rarely use a single standard for screening. Instead, they assess user quality from multiple dimensions to ensure that airdrops reach truly valuable addresses.

From a project’s perspective, the most desirable users are those with high TVL (Total Value Locked), high net worth, and those who can participate long-term in ecosystem development as real active users. Based on these principles, and combined with the strategies of historical airdrop projects, the author has summarized several core screening dimensions.

1️⃣ Interaction-Based Screening Criteria

• Transaction Frequency, Volume, and Activity: Reflects the user’s activity level on-chain. Frequent transactions and deep interactions indicate that the user has significant involvement in the ecosystem. However, excessively high data may indicate fake activity. For example, with Starknet W, many errors were made.
• Gas Consumption: The total transaction fees paid by users can indirectly reflect their actual participation and contribution. For example, Zkfair distributes airdrops based on gas consumption, and Morph uses gas to allocate points.
• Contract Interaction & Creation: This helps measure whether the user is involved in multiple ecosystem projects, distinguishing real users from those merely inflating their numbers. For example, Arb and zkSync both weight the number of contract interactions.

2️⃣ NFT & Asset-Based Screening Criteria

• Whitelist, Public Sale, Task Acquisition: These NFTs are typically limited in supply, helping control inflation. They serve as a voucher for airdrops and represent the user’s high level of involvement in the project. For instance, XAI distributes airdrops based on NFTs.
• OAT Badges and SBTs: As on-chain achievements or non-transferable identity credentials, these effectively prove a user’s long-term contribution and real participation. For example, ODO’s pilot OAT and Linea’s LXP.
• Holding Tokens & NFT Staking: Holding tokens or staking NFTs not only shows trust in the project’s assets but also might bring additional incentives. It also helps assess the quality of the user’s assets and their risk management. Examples include MOCA and PENGU’s NFT token airdrops.

3️⃣ Point Tasks & Task Platforms

• Point Accumulation and Ranking: Tasks completed on platforms like Galxe, Zealy, or official platforms allow users to accumulate points, with higher points indicating greater participation. Ranking can serve as an important basis for airdrop allocation. Examples include IO’s Galaxy Points and SCA’s points airdrops, as well as many LSD project airdrops.
• Cross-Ecosystem Tasks: Users are required to complete tasks across multiple platforms or ecosystems, providing a more comprehensive assessment of their overall activity and ecosystem contribution. For example, many Odyssey tasks, Move, and Linea require completing tasks across ecosystems to earn rewards.

4️⃣ Community & Social Contributions

• Twitter/Discord/Telegram Activity: Users engage in social tasks within communities, such as tweeting, sharing posts, participating in discussions, or doing translations, to earn identity markers. These tasks are more complex and have higher airdrop value. Examples include Kaito, where users earn points by interacting on Twitter, and Move’s Gorilla character, worth thousands of dollars. Dogs issue airdrops based on Telegram account age and activity.
• Early Members (OG Roles) & Invitation Contributions: Early participants or users acquired through invites are more likely to receive airdrops as an incentive for long-term involvement. For example, IP’s OG roles come with thousands of token airdrops.
• Content Creation & Social Media Interaction: Promotion and discussions on platforms like Twitter, Medium, or YouTube help spread awareness of a project, reflecting a user’s endorsement of the project. For instance, Move’s creator role.

5️⃣ Node Setup & Technical Contributions

• Full Nodes, Mining, Validators: Technical participation such as running nodes, mining, or serving as a validator directly supports network security and performance, making it highly valued by projects. For instance, IO’s workers use GPUs to mine points, Nillion nodes run on CPUs, and Grass earns points through IP and traffic.

6️⃣ GameFi & Entertainment Interaction

• Gold Farming, P2E: In GameFi projects, earning tokens through in-game tasks shows both user participation and their reliance on the project’s entertainment ecosystem. Examples include CATI, where users earn tokens by raising cats, and BigTime, where users mine tokens in the game.

⚔️ Offensive & Defensive Countermeasures Against Witch Addresses

🚨 Witch Address Identification Strategies by Projects

In a previous article’s data analysis, 32% of the 100 projects in 2024 explicitly checked for witch addresses.

The core purpose of identifying witch addresses in airdrop activities is a screening method to filter out high-quality, real addresses with significant contributions. This prevents airdrops from being taken over by large-scale, low-quality addresses. It is not only targeting studios but even individual users may be flagged as witch addresses if they fail to maintain consistent interactions. Just like projects constantly refining their screening rules, some studios still manage to secure favorable results. Therefore, understanding the strategies used by projects to identify witch addresses and adopting defensive measures is key to ensuring positive results. Below are some of the most obvious witch address risk types identified by the author.

📕 Witch Defense Tactics Manual

1️⃣ Abnormal Address Creation & Fund Movement

Projects prioritize checking the address creation time, deposit paths, and fund aggregation patterns. These behaviors are the easiest to be flagged as witch addresses, and the main tactics include:

• Creating Multiple Addresses on the Same Day: If many new addresses are created and funded on the same day, they are often flagged as batch witch accounts.
• One-to-Many or Many-to-One Transfers: If a single address sends funds to multiple smaller accounts, or multiple addresses aggregate funds into one wallet, it’s seen as an abnormal fund distribution.
• Similar Deposit Amounts in a Short Period: If several addresses make deposits of the same or similar amounts within a short time, it may be judged as one person controlling multiple accounts.
• Mass Withdrawals in a Short Period: If funds from multiple addresses are withdrawn simultaneously to the same wallet, it is considered high-risk behavior.

💡 Prevention Strategies:

• When creating new addresses, limit the number created per day and randomize deposit times to avoid bulk actions.
• Use sub-accounts on centralized exchanges (CEX) like Binance, OKX, etc., as intermediary stations to avoid on-chain aggregation.
• Randomize deposit amounts and times to avoid making large batches with fixed amounts or times.
• When withdrawing, space out the intervals and use different sub-addresses from different CEXs to withdraw.

2️⃣ Abnormal On-Chain Interaction Behavior

Projects will analyze address interaction patterns, generally referred to as “homogeneous interactions,” with particular focus on the following behaviors:

• Similar NFTs or Domain Names: If multiple addresses receive the same NFTs or domain names, it’s easy to identify as batch operations.
• Similar Transaction Counts: If multiple addresses have similar transaction counts or interact with similar contracts, it could be flagged as bot activity.
• Identical Transaction Sequences & Amounts: If the sequence, amounts, and counterparties are the same across addresses, it’s highly likely they will be identified as batch accounts.
• Fixed Interaction Times: If several addresses interact at the same time (e.g., completing tasks within 24 hours), the risk of detection is high.

💡 Prevention Strategies:

• Use different accounts for different tasks, stagger interaction times, and avoid performing the same operation at the same time.
• Insert “decoy projects” in the interaction chain, such as participating in low-cost DEX trades, lending, or other DApps to make interactions appear more natural.
• Randomly interact with different contracts, not all accounts should engage with the same DEX, bridge, or contract. Distribute interactions across different addresses and contracts.
• Spread interaction times evenly over 24 hours and avoid fixed synchronization of bulk operations.

3️⃣ IP & Off-Chain Data Analysis

In addition to on-chain data, projects also analyze off-chain data such as IP addresses, UI interactions, browser fingerprints, and social media activities to screen witch addresses:

• Same IP / Same Device: If multiple accounts share the same IP address or browser fingerprint, it carries a high risk of being identified as the same person operating the accounts.
• Similar Social Media Behavior: If multiple Twitter accounts post similar content, have the same like order, or engage in identical patterns, they may be flagged by the project.
• Email Associations: If multiple accounts use similar email naming conventions, they might trigger risk controls.
• UI Interface Checks: If users interact directly via smart contracts instead of through the project’s UI, some projects may trigger risk controls, such as with Electric Sheep.

💡 Prevention Strategies:

• Use proxy IPs and fingerprint browsers to alter device information.
• When managing accounts, focus on randomizing social interactions to avoid homogeneous content.
• Use different email addresses for registration, and avoid overly similar naming patterns.
• Prefer using frontend interaction scripts to avoid detection by UI-based checks.

🎯 Gradient Strategy: Distribute Accounts to Reduce Risk of Being Flagged

To improve airdrop success rates, it is recommended to use a gradient strategy to categorize accounts, avoiding the use of identical patterns across all accounts which may lead to a mass flagging. Projects are increasingly favoring high-quality accounts, with the reward distribution ratio varying greatly. For example, ZK’s highest and lowest addresses differ by 100 times in rewards, STRK by 20 times, and ARB by 16.32 times. According to ZK, having 100 high-quality accounts is equivalent to 10,000 low-tier accounts in terms of rewards. This approach allows for more efficient operation while reducing the risk of being flagged as a witch address. However, low-tier and lottery accounts are still essential. For instance, Tensor and Magic Eden are examples of success with low-tier accounts, while HMSTR represents a win with lottery accounts. The strategy chosen can drastically alter the outcome.

✅ Premium Accounts (Focus on Account Growth, High Investment)

• Ensure each metric is at least in the top 1%.
• Engage in high-quality interactions, participate in multiple ecosystems, and bind social accounts to provide human verification (e.g., Gitcoin).
• Use personal wallets with a small number of premium tokens to increase on-chain ecosystem contributions.
• Simulate real user behaviour and long-term operation to avoid one-time airdrop farming.

✅ Low-Tier Accounts (Minimal Airdrop Threshold, Moderate Activity)

• Ensure each metric is at least in the top 20%.
• Only participate in core airdrop tasks without obvious witch-like behavior.
• Execute moderate trading, avoiding overly frequent or regular interactions.

✅ Lottery Accounts (Bulk Accounts, Low-Cost Experimentation)

• Only complete simple, high-cost-effectiveness tasks while strictly controlling expenses.
• May employ more aggressive strategies, but not at the expense of the primary accounts.

🧠Conclusion

With the rapid development of AI and on-chain analysis technologies, witch address detection methods are becoming increasingly sophisticated, and simple batch operations are no longer effective.

For studios, witch-like operations require more randomness and simulation of real user behavior, and strategies should be adjusted flexibly, combining gradient accounts, decentralized interactions, and optimized fund paths to reduce the chances of being flagged.

For individuals without the operational capacity of a studio team, it’s advised to focus on a small number of premium accounts with refined operations. By participating in multiple ecosystems, increasing social engagement, and building a real identity chain, one can maximize airdrop returns. Only by understanding both the project’s filtering logic and adjusting strategies accordingly can one stand strong in the airdrop game!

Disclaimer:

1. This article is reproduced from [X]，Original title “Advanced Airdrop Strategy - Survival Rules for Navigating the Witch Fog – An Analysis Based on 100 Projects”, the copyright belongs to the original author [@crypto_laodong], if you have any objection to the reprint, please contact Gate Learn Team, the team will handle it as soon as possible according to relevant procedures.
2. Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.
3. Other language versions of the article are translated by the Gate Learn team, not mentioned in Gate.io, the translated article may not be reproduced, distributed or plagiarized.